Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.5 Administration Guide
    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    SD-WAN Overlay-as-a-Service

    SD-WAN Overlay-as-a-Service

    SD-WAN Overlay-as-a-Service (OaaS) is supported through a license displayed as SD-WAN Overlay as a Service on the System > FortiGuard page. Each FortiGate used by the FortiCloud Overlay-as-a-Service portal must have this license applied to it.

    To view the status of the OaaS license in the GUI:

    1. Go to System > FortiGuard.

    2. Expand License Information. The SD-WAN Overlay as a Service license status is listed as:

      • Licensed: OaaS is currently licensed and will expire on the provided date.

      • Expires Soon: OaaS is currently licensed but will expire soon on the provided date.

      • Expired: The OaaS license has already expired on the provided date.

      • Not Licensed: OaaS has not been licensed.

    To view the status of the OaaS license in the CLI:

    1. Verify that the entitlement can be updated:

      Note

      The SD-WAN Overlay-as-a-Service license is listed as SWOS in the CLI.

      		 
      # diagnose test update info

System contracts:
    FMWR,Wed Dec 20 16:00:00 2023
    SPAM,Wed Dec 20 16:00:00 2023
    SBCL,Wed Dec 20 16:00:00 2023
    SWNO,Wed Dec 20 16:00:00 2023
    SWNM,Wed Sep 27 17:00:00 2023
    SWOS,Mon Aug 14 17:00:00 2023
    SPRT,Wed Dec 20 16:00:00 2023
    SDWN,Sun Dec 10 16:00:00 2023
    SBCL,Wed Dec 20 16:00:00 2023
    SBEN,Wed Dec 20 16:00:00 2023

    2. Verify that the expiration date log can be generated:

      # execute log display

1: date=2023-08-10 time=00:00:01 eventtime=1691650800645347120 tz="-0700" logid="0100020138" type="event" subtype="system" level="warning" vd="root" logdesc="FortiGuard SD-WAN Overlay as a Service license expiring" msg="FortiGuard SD-WAN Overlay Service license will expire in 4 day(s)"

    To ensure FortiGate spoke traffic remains uninterrupted when configuration is orchestrated from the SD-WAN Overlay-as-a-Service (OaaS), support for an OaaS agent on the FortiGate is available. The OaaS agent communicates with the OaaS controller in FortiCloud, validates and compares the FortiOS configuration, and applies the FortiOS configuration to the FortiGate as a transaction when it has been orchestrated from the OaaS portal. Secure communication between the OaaS agent and the OaaS controller is achieved using the FGFM management tunnel.

    If any configuration change fails to be applied, then the OaaS agent rolls back all configuration changes that were orchestrated. The OaaS status can be acquired using get oaas status.

    To determine the status of OaaS:
    # get oaas status
Account ID: 78992
Account: admin@domain.com
Site: site1
Configuration version: 4
Configuration sync status: SUCCESS
    Target version: 4
    Task ID: xxxxxxxxx
    Error:
    Previous
    Next

    SD-WAN Overlay-as-a-Service

    SD-WAN Overlay-as-a-Service

    SD-WAN Overlay-as-a-Service (OaaS) is supported through a license displayed as SD-WAN Overlay as a Service on the System > FortiGuard page. Each FortiGate used by the FortiCloud Overlay-as-a-Service portal must have this license applied to it.

    To view the status of the OaaS license in the GUI:

    1. Go to System > FortiGuard.

    2. Expand License Information. The SD-WAN Overlay as a Service license status is listed as:

      • Licensed: OaaS is currently licensed and will expire on the provided date.

      • Expires Soon: OaaS is currently licensed but will expire soon on the provided date.

      • Expired: The OaaS license has already expired on the provided date.

      • Not Licensed: OaaS has not been licensed.

    To view the status of the OaaS license in the CLI:

    1. Verify that the entitlement can be updated:

      Note

      The SD-WAN Overlay-as-a-Service license is listed as SWOS in the CLI.

      		 
      # diagnose test update info

System contracts:
    FMWR,Wed Dec 20 16:00:00 2023
    SPAM,Wed Dec 20 16:00:00 2023
    SBCL,Wed Dec 20 16:00:00 2023
    SWNO,Wed Dec 20 16:00:00 2023
    SWNM,Wed Sep 27 17:00:00 2023
    SWOS,Mon Aug 14 17:00:00 2023
    SPRT,Wed Dec 20 16:00:00 2023
    SDWN,Sun Dec 10 16:00:00 2023
    SBCL,Wed Dec 20 16:00:00 2023
    SBEN,Wed Dec 20 16:00:00 2023

    2. Verify that the expiration date log can be generated:

      # execute log display

1: date=2023-08-10 time=00:00:01 eventtime=1691650800645347120 tz="-0700" logid="0100020138" type="event" subtype="system" level="warning" vd="root" logdesc="FortiGuard SD-WAN Overlay as a Service license expiring" msg="FortiGuard SD-WAN Overlay Service license will expire in 4 day(s)"

    To ensure FortiGate spoke traffic remains uninterrupted when configuration is orchestrated from the SD-WAN Overlay-as-a-Service (OaaS), support for an OaaS agent on the FortiGate is available. The OaaS agent communicates with the OaaS controller in FortiCloud, validates and compares the FortiOS configuration, and applies the FortiOS configuration to the FortiGate as a transaction when it has been orchestrated from the OaaS portal. Secure communication between the OaaS agent and the OaaS controller is achieved using the FGFM management tunnel.

    If any configuration change fails to be applied, then the OaaS agent rolls back all configuration changes that were orchestrated. The OaaS status can be acquired using get oaas status.

    To determine the status of OaaS:
    # get oaas status
Account ID: 78992
Account: admin@domain.com
Site: site1
Configuration version: 4
Configuration sync status: SUCCESS
    Target version: 4
    Task ID: xxxxxxxxx
    Error:
    Previous
    Next